From 1d2d77b27f0ed5e05c4fc6b6fdc22fdb16589eef Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Mon, 7 Dec 2020 18:17:33 +0100
Subject: [PATCH] MEDIUM: mux-h1: Return a 501-not-implemented for upgrade
 requests with a body

If an HTTP protocol upgrade request with a payload is received, a
501-not-implemented error is now returned to the client. It is valid from
the RFC point of view but will be incompatible with the way the H2
websockets will be handled by HAProxy. And it is probably a very uncommon
way to do perform protocol upgrades.
---
 src/mux_h1.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/mux_h1.c b/src/mux_h1.c
index 5bd9f3921f..0c5fc4473f 100644
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -1466,6 +1466,14 @@ static size_t h1_process_input(struct h1c *h1c, struct buffer *buf, size_t count
 			TRACE_USER((!(h1m->flags & H1_MF_RESP) ? "rcvd H1 request headers" : "rcvd H1 response headers"),
 				   H1_EV_RX_DATA|H1_EV_RX_HDRS, h1c->conn, h1s, htx, (size_t[]){ret});
 
+			/* Reject Protocol upgrade request with payload */
+			if ((h1m->flags & (H1_MF_RESP|H1_MF_CONN_UPG)) == H1_MF_CONN_UPG && h1m->state != H1_MSG_DONE) {
+				h1s->flags |= H1S_F_NOT_IMPL_ERROR;
+				TRACE_USER("Upgrade with body not implemented, reject H1 message",
+					   H1_EV_RX_DATA|H1_EV_RX_HDRS|H1_EV_H1S_ERR, h1s->h1c->conn, h1s);
+				break;
+			}
+
 			if ((h1m->flags & H1_MF_RESP) &&
 			    h1s->status < 200 && (h1s->status == 100 || h1s->status >= 102)) {
 				h1m_init_res(&h1s->res);
-- 
2.39.5